This repository contains my practical web application security learning portfolio, focused on manual testing methodology, OWASP Top 10 vulnerabilities, authentication flaws, access control issues, API testing, and professional reporting.

| Section | Description |
|---|---|
| Sample Reports | Professional-style vulnerability reports |
| Methodology | My web application testing workflow |
| Checklists | Auth, access control, input validation, API testing |
| Labs & Writeups | Retired lab writeups and lessons learned |
| Tools | Small scripts created to support testing |

- Scope review
- Application mapping
- Authentication testing
- Authorization and access control testing
- Input validation testing
- Business logic review
- Evidence collection
- Risk rating
- Remediation guidance
- Retesting notes

- Manual Web Application Testing
- OWASP Top 10
- Burp Suite Workflow
- Authentication & Authorization Testing
- Vulnerability Documentation
- Technical Report Writing